diagnose tcpdump start|stop
Allows you to use tcpdump to log packet traffic information for a target database and save it to the local disk.
Like the TCP/IP sniffer, tcpdump requires a connection to a mirror port on the switch that handles TCP/IP traffic for the target database. For more information, see “Network requirements for monitoring using the TCP/IP sniffer”.
You can export the tcpdump log files to an FTP server and remove them from the local disk. For more information, see “execute backup fd-tcpdump” and “execute backup-remove fd-tcpdump”.
Syntax
diagnose tcpdump start|stop <port> <client IP> <server IP> [minutes]
where:
Variable: Description
start|stop: Specifies whether to start a new tcpdump log file or stop a current monitoring session.
<port>: The FortiDB Ethernet port on which tcpdump intercepts and logs packet traffic. This port is connected to the mirror port on the switch that handles TCP/IP traffic for the database.
<client IP>: The IP address of the database client. Enter * to specify any IP address.
<server IP>: The IP address where the target database is located. Enter * to specify any IP address.
[minutes]: Specifies the length of time, in minutes, that tcpdump monitors packet traffic between the specified database and client. Maximum value is 720. If you do not specify a duration, tcpdump monitors the specified packet traffic for 60 minutes or until you enter a corresponding diagnose tcpdump start|stop command.
Example
To monitor database traffic seen on port2 for 10 minutes:
diagnose tcpdump start port2 <your_client_IPaddress> <your_database_server_IPaddress> 10
See also
execute backup fd-tcpdump
execute backup-remove fd-tcpdump
diagnose tcpdump status